** You don't need a schema extension, you don't need to deploy any 2012 Domain Controllers, you don't need to flip the bit to Domain or Forest Functional Levels. All you need to do is install the OS and install/enable the Remote Server Administration Tools.

********** EDIT ************

While you don't need the WS 2012 or newer schema extensions, my lab has met a few minimum AD/OS milestones:

Single domain AD Forest with a 2003 R2 SP2 DC and a 2008 non-R2 SP2 DC

Otherwise, you may get an error on the Infrastructure Status tab of the UI stating that "A processing error occurred collecting data using this base domain controller. Please change the base domain controller and try again."

******* END EDIT *********

In this post, I'll show you some things in the updated "Group Policy Management Console" (GPMC).

Before I show off some of the coolness of the new GPMC, hop on the 'way-back' machine and recall the joys of GPO editing circa Windows 2000….anyone remember doing that?

The GPMC is one of those rare IT gems – free, easy to use without too much ramp-up or massive whitepapers to pour through before you're able to make use of the tool and get some work done.

We got it right with that tool….and it has some great improvements in 2012.

Group Policy Infrastructure Status

When you open the GPMC, there is now a 'Status' tab. This shows 'at-a-glance' replication status of the Group Policy elements across your DCs.

Repeating: You don't need any WS 2012 DCs to see this data – GPMC can get the information from W2k3 and newer DCs.

This first screen shot shows that "Infrastructure Status" data has not been gathered yet for this domain and that DC01 is the current "baseline domain controller" (which can be changed).

Click "Detect Now" at the bottom of the tab to initiate the data gathering and comparison against the baseline DC.

** WARNING ** This can take some time in a large AD environment, as it has to check multiple items on EACH DC in the domain.

Click the circle-arrow buttons to see more detail … currently showing that all four GPOs in the domain are in full sync between my baseline DC and my one other DC.

Refresh the console to see how the DCs drift from full sync as GPOs are edited and replication occurs…

If you click the "GPO version" link under "Active Directory" or "SysVol", a dialog displays which shows the version numbers for the GPO(s) not yet in sync…

Refresh the console again to see the replication status settle back into full sync against the baseline DC…

Here's a screenshot of the same process with the "baseline domain controller" being a 2003 R2 DC which also hosts all 5 FSMOs in my lab domain/forest.

And the Domain/Forest functional levels are still at 2003

Remote GP Update

Next up is remote GP Update – yes ladies and gentlemen, you can select an OU and choose to initiate a GPUpdate /FORCE on the computers within that OU.

Two computers are found in the target OU (and any sub-OUs)…

The update fails against one. We can "Save" the log to a CSV file for documentation, historical tracking or further troubleshooting work.

I opened the appropriate firewall ports via the "Group Policy Remote Update Firewall Ports" Starter GPOs which are part of WS 2012, too. I was then able to update the failing system.

You can learn this in a morning and be backing up all GPOs by lunch – that's the POWER of Powershell

GP Reporting

Wrapping up this post, have a look at the GP Reporting improvements (both in Results and Modeling):

A few items of note here:

Displays visually, right at the top of the report, if/when inheritance is blocked – an immediate flag in terms of troubleshooting

Displays visually, right at the top of the report, if/when a GPO is Enforced– an immediate flag in terms of troubleshooting

Whether or not a fast link was detected.

When Policy was last refreshed and how long it took

Active links for recent GPO Event Log data on the target machine

Broken record repeat – important note – the updated GPMC tool is ready to go as soon as you deploy your first WS 2012 or Win8 member system w/ RSAT tools installed and enabled (but PLEASE see the edit towards the top of the post).

Amy – I hear ya … there are things we can offer for some of your requests. There is a mod you can make to DSA.MSC so the right-click menu has a 'Connect via RDP…' choice (http://www.microsoft.com/…/details.aspx).

I am using windows server 2012 and facing an issue with GPMC console. The GPMC console is closing or terminating while closing any of the Group Policy editor from the GPMC console itself. Any idea about this problem?

I had an error data uncollected for a new 3rd DC. DC1 and DC2 were replicating fine but not DC3. \DC3netlogon and \DC3/sysvol network shares were unavailable. This turned out to be an orphaned folder in C:WindowsSYSVOL on DC2! I make no sense why
DC1 and DC2 were replicating with no errors. So, if you run into this situation and start pulling your hair out make sure you cross-reference SYSVOL folder across all DCs folder by folder, file by file.